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1.   INTRODUCTION 

The  technological  development  of  the  last  two  decades, 
particularly  in  the  areas  of  space  flight,  nuclear  power  generation, 
and  weapons  systems,  has  forced  reliability  analysts  to  consider 
systems  whose  configuration  change  over  time.   "Phased  missions" 
have  received  attention  in  the  basic  papers  of  Rubin  [5]  and 
Weisberg  and  Schmidt  [9]  which  present  computational  procedures 
to  approximately  predict  mission  reliability  and  crew  safety  for 
manned  spacecraft,  and  in  the  United  States  Navy  reliability 
manual  NAVORD  OD  29  304  Revision  A  [8] . 

Recently,  Esary  and  Ziehms  [4]  have  investigated  a  phased 
mission  of  the  following  form: 

A  system  consists  of  several  independently  performing 
components  each  of  which  functions  continuously  in  time 
until  failure  occurs,  and  remains  failed  thereafter; 
repair  or  replacement  is  not  possible.   The  system  per- 
forms a  mission  which  is  divided  into  consecutive  time 
periods,  or  phases,  of  known  duration.   The  system  con- 
figuration, defined  as  a  subset  of  the  components  and 
their  functional  organization,  changes  from  phase  to  phase. 
As  is  the  case  with  individual  components,  only  two  states 
of  the  system  are  recognized,  functioning  or  failed.   The 
mission  is  successful  if  the  system  functions  throughout 
all  phases. 
Their  main  result  is  that  any  multi-phase  mission  of  this  type 
can  be  transformed  into  an  equivalent,  synthetic,  single-phase 


system,  and  thus  that  the  phased  mission  problem  can  be  solved  in 
principle  by  standard  reliability  methods.   They  point  out,  how- 
ever, that  a  direct  implementation  of  their  transformation  could 
be  frustrated  by  a  large  number  of  components  in  the  equivalent 
system. 

In  this  paper  we  employ  the  ideas  of  Esary  and  Ziehms  to 
study  some  approximations  to  mission  reliability  and  to  develop 
an  algorithm  which  may  be  of  practical  interest.   In  addition,  we 
extend  the  reliability  calculus  of  Rubinstein  [6,  7]  and  Esary  and 
Hayne  [1] ,  based  on  an  approximate  hazard  transform,  to  phased 
missions,  and  demonstrate  how  the  extended  calculus  can  be  used  in 
situations  where  phases  are  not  of  known  fixed  duration. 

2.   PROBLEM  FORMULATION  AND  PREVIOUS  RESULTS 

Suppose  that  the  system  under  consideration  has   n  compo- 
nents, labelled  C, ,...,C  ,   with  independent  times  to  failure 
T, ,...,T  .   For  all  times   t  ^  0,   define  the  performance  state 
indicator  vector  of  the  set  of  components   X (t)  =  (X, (t) , . .  .  ,X  (t) ) 
by  X  (t)  =  1   iff   T.  >  t,   and   X.  (t)  =  0   otherwise, 

K  K  k 

k  =  l,...,n.   Assume  that  the  mission  is  divided  into  m   phases, 

and  that  phase   j   starts  at  time   t.  ,   and  ends  at  time   t., 

j  =  l,...,m,   with   t0  =  0.   Finally,  let   <J>  .   be  the  structure 

function  which  describes  the  configuration  (assumed  to  be  coherent) 

of  the  system  in  phase   j,   j  =  l,...,m.   Then  the  event  that  the 

mission  is  successful  is   {<!>,  [X(t,  )]=l,...,<J>[X(t)]=l},   and 

1  ~  1  m  ~  m 

the  mission  reliability   p   can  be  expressed  as 


m 


(1)  p  =  E  TT     ^[XJt,)  ]. 

j  =  l   J     J 

To  obtain  an  equivalent  single-phase  system,  pseudo- 
components   C,  .   are  introduced  whose  reliabilities  are  the  con- 
ditional phase  reliabilities  of  the  original  components. 
Formally,  for   k  =  l,...,n   and   j  =  l,...,m,   the  performance 
state  indicator  variable   U,  .   of  pseudo-component   C  .   has  the 
distribution 


(2) 


P[ukl  =  1]  =  p[xk(t1)  =  1]  , 


P[Ukj=l]  =  P[xk(tj)=i|xk(tj_1)=i], 


j  f   I- 


The  transformation  is  accomplished  by  replacing,  in  the  configura- 
tion for  phase   j ,   component   C    by  a  series  system  in  which 
the  pseudo-components   C,  ,  ,  . . . ,C,  .   perform  independently  with 
the  probabilities  of  functioning  given  in  (2) ,  and  by  regarding 
the  transformed  phase  configurations  as  subsystems  operating  in 
series.   As  an  illustration,  consider  the  following  example. 

Example  1 .  A  system  with  three  components  performs  a  three- 
phased  mission  whose  phase  configurations  can  be  represented  by  the 
block  diagrams 


in  phase  1 


in  phase  2: 


in  phase  3: 


Then  the  equivalent  system  has  the  block  diagram 


i —  C 


11 


'31 


11 


12 


21 


C    , 

^22 


'31 


C    — I 
^32 


C21     C22 


C    —  C 
U31      32 


'21 


c   —  c 

^22     ^23 


□ 


(3) 


The  reliability  of  the  equivalent  system  is 

m 

y 


(DTT(2) 


(J) 


=  e  TT   ♦  .(u|X|ul"...uIJ'.)f 
i=l  : 


where   U(l)  =  (U,  .  , . . . ,U  .)   and   U(l)U(£) 

~        li      ni        ~   ~ 


=  (U..  .tL  0  ,  .  .  .  ,U  .U  „) 
li  11  ni  n£ 


The  value  of   p   as  given  by  (3)  agrees  with  the  value  of   p   as 
given  by  (1)  [4,  Theorem  3.1],  and  thus  the  ordinary  reliability 
of  the  equivalent  system  whose  components  perform  independently 
is  the  same  as  the  reliability  of  the  orginal  system  for  its 
phased  mission. 


3.   SOME  BOUNDS  ON  MISSION  RELIABILITY 

An  obvious  first  approach  to  approximating  mission  relia- 
bility— discussed  in  [4]  and  repeated  here  for  the  sake  of  com- 
pleteness— is  to  compute  the  reliability  of  each  phase  configuration 


separately   and   then   to  multiply   the    results    together.      There   are 
at   least   two   choices   of    component   reliabilities    to   use    in   doing 
this:       the   component   conditional    phase    reliabilities 


(4) 


\l  =  piw-u 


\j    =  p[xk(tj)  =  1  lXk(tj-i)  =  1]  '  3    =   2  ,...,m, 


which  are  the  reliabilities  of  the  pseudo-components  in  the 
equivalent  system,  or  the  component  (unconditional)  reliabilities 
through  each  phase 

(5)       Pk.  =  P[Xk(t.)  =1]  =  TT    \±,  J  =  l,..-,m, 

k  =  l,...,n.   The  first  choice  leads  to  approximating  mission 

reliability  by 

m 
(6»  ¥PRF  "  TT    hj  (,,lj ¥nj>' 

and  the  second  choice  to  approximating  mission  reliability  by 

m 


(7)  PpRF 


=  ^.    ,    hj(Plj Pnj»' 

]=1     J       J  J 


where  in  both  cases   h.,   j  =  l,...m,   are  the  reliability  func- 
tions for  the  phase  configurations.   (The  reliability  function 
of  a  system  with  structure  function   <J)   is  defined  by   h(p,  ,...,p  ) 
=  E  $  (X, , . . . ,X  ) ,      where   X, , . . . ,X   are  independent  Bernoulli 
random  variables  with   P[X,  =1]  =  p,,   k  =  l,...,n.)   The  sub- 
script PRF   in  (6)  and  (7)  is  meant  to  indicate  that  these 
approximations  are  based  on  phase  reliability  functions. 


It  has  been  shown  using  (3)  [4,  Remark  4.1]  that  (6)  gives 
an  optimistic  result  and  that  (7)  gives  a  conservative  result, 
i.e.  that  for  p   as  given  by  (1)  or  (3), 

(8)  PpRF   *   P   *   7TpRF  . 

The  above  approximations  can  be  employed  only  when  the 
reliability  functions  of  all  m  phases  are  known.   Although  to 
compute  them  is  considerably  easier  than  to  compute  the  overall 
reliability  function  for  the  equivalent  system,  it  may  in  practical 
problems  still  be  a  formidable  task.   We  will  therefore  now  discuss 
an  approach  which  avoids  these  difficulties. 

For  coherent  single-phase  systems  with  independent  com- 
ponents, Esary  and  Proschan  [2]  have  established  two  bounds  on 
system  reliability  which  do  not  involve  the  reliability  function: 
the  minimal  path  upper  bound  and  the  minimal  cut  lower  bound. 
These  bounds,  when  applied  to  each  phase  separately,  can  be  used 
to  approximate  mission  reliability  in  the  multi-phase  case.   Let 
h   .   and   hT_..   denote  the  minimal  path  upper  bound  and  the 

UD^  Lid] 

minimal  cut  lower  bound,  respectively,  for  phase  configuration 
j,   j  =  l,...,m.   Using  basically  the  same  approach  as  before, 
and  choosing  as  component  reliabilities  the  conditional  phase 
reliabilities   it.    in  one  case  and  the  (unconditional)  relia- 
bilities   p,  .   in  the  other,  we  obtain  the  approximations 

m 

(9)  ^PUB  =  TT.     hUB   (7T    IT    ) 

J=l      J     J  J 

and 


m 

(10)  PPLB    =TT.    .     hLBj(plj Pnj»' 

j=l  J  ^  J 

where  the  subscripts  are  to  indicate  that  these  approximations 

are  based,  respectively,  on  phase  upper  bounds  and  phase  lower 

bounds.   Since  the  phase  configurations  are  coherent  by  assumption, 
hence   hTD.  £  h  .  s;  hTTT2  .  ,   j  =  l,...,m;   it  thus  follows  from  (6) 
and  (9)  that 

(11)  "pRF   S   "PUB' 
and  from  (7)  and  (10)  that 

(12)  PPLB   *   PPRF- 

From  (8) ,  (11) ,  and  (12)  we  can  conclude  that  (a)  is  an  upper 
bound  on  mission  reliability,  and  (10)  is  a  lower  bound  on  mission 
reliability. 

4.   CUT  CANCELLATION  AND  FURTHER  BOUNDS 

Rubin,  Weisberg  and  Schmidt  used  a  method  to  simplify  the 
sequence  of  phase  configurations  prior  to  beginning  reliability 
calculations  which  has  become  known  as  "cut  cancellation."   Cut 
cancellation  does  not  affect  mission  reliability  [4,  Remark  4.2] 
and  can  be  summarized  in  the  following  rule: 

A  minimal  cut  set  in  a  phase  can  be  cancelled,  i.e.  omitted 
from  the  list  of  minimal  cut  sets  for  that  phase,  if  it 
contains  a  minimal  cut  set  of  a  later  phase. 
The  next  example  illustrates  how  cut  cancellation  works. 


Example  2 .   Consider  the  mission  of  Example  1.   The  minimal 
cut  sets  are 

in  phase  1:   {C,,C,} 
-   in  phase  2:   {C^C^},  {C^C^},  {C2,C3> 
in  phase  3:   {C~} 

The  phase  1  cut  set   {C, ,C~}   contains  the  phase  2  cut  set 
{C, ,Cj},   and  thus  can  be  cancelled  in  phase  1,  leaving  a  config- 
uration which  can  never  fail.   Both  the  phase  2  cut  sets   {C, /C~} 
and   {Cp/C-.}   contain  the  phase  3  cut  set   {C?^'   so  tneY  can  be 
cancelled  in  phase  2.   After  cut  cancellation,  the  simplified 
phase  configurations  can  be  represented  by  the  block  diagrams 


in  phase  1: 


in  phase  2 


in  phase  3: 


After  cancellation,  the  transformation  can  be  applied  to  obtain 
the  equivalent  system  with  the  block  diagram 


11 


12 


'21 


22 


23 


'31 


32 


which  is  considerably  simpler  than  the  equivalent  system  of 
Example  1,  but  has  the  same  reliability.  Q 

The  methods  of  approximating  mission  reliability  described 
in  the  previous  section  can  also  be  employed  after  cut  cancella- 
tion has  been  performed.   Denoting  the  reliability  functions  of 
the  simplified  phase  configurations  by   h.,   j  =  l,...,m,   the 
approximations  corresponding  to   irpRp   and   PpRF   are 

m 

(13)  "prf-cc  =  TT    h-Cir^ Trnj) 

and 

m 

(14)  P«M_^  -  TT    h  (p ,.,..., p  •  ), 

1=1  J      ±J  - 


respectively,  where  the  added  subscript   CC   indicates  that  cut 

cancellation  has  been  performed.   Similarly,  denoting  by   hL   . 

and   hT  .   the  minimal  path  upper  bound  and  the  minimal  cut  lower 
LiOj 

bound,  respectively,  for  the  simplified  configuration  of  phase   j  , 

j  =  l,...,m,   we  obtain  the  approximations 

m 
(15)  ^PUB-CC  =        hrT„^  (ir^,.  .  .  ,tt„  J 


=  hrT_,  .  (IT.  .  ,  .  .  .  ,TT   . 

1  '-}  =  1   UBj   1]'      nj 


3 
and  ' 

m 
(16)  PPLB-CC  =  TT.    h"  .(p pnj). 

To  show  that  these  four  approximations  are  bounds  on  mission 

reliability,  we  observe  first  that  since  the  simplified  phase 

configurations  are  coherent,  hence   hT  „  .  £  h .  £  hTTT,.,   j  =  l,...,m. 
3  LB]     j  UBj    J 

It  follows  from  (13)  and  (15)  that 


(17)  ^PRF-CC      S      ^PUB-CC 

and    from    (14)    and    (16)    that 


(18)  PPLB-CC   *   PPRF-CC* 

Further,  since  the  phase  reliability  functions  are  not  less  after 
cut  cancellation  than  before,  i.e.   h.^h.,   j=l,...,m,   then 

(19)  "pRF   *   "pRF-CC 
follows  from  (6)  and  (13) ,  and 


(20)  PpRF   *   Pprf_cc 

follows  from  (7)  and  (14),  where  the  latter  inequality  is  noted 
here  for  further  reference  only.   From  (19)  and  (8)  we  conclude 
that   TrnDL,  _,_,   and   n^,,,-,  nn      are  in  fact  upper  bounds  on  mission 
reliability. 

To  establish  that   pnT3_  nr,     and   p_.T  _,  nn     are  lower  bounds, 
we  need  the  following  remark. 

Remark  1.   Let  $  .   be  the  structure  function  of  the  sim- 

: 

plified  configuration  of  phase   j,   j  =  l,...,m,   and  let   U,  . , 
k  =  l,...,n,   j  =  l,...,m,   be  the  indicator  variables  of  the 
pseudo-components  in  the  equivalent  system.   Then 

TTm   E<t>T(u(1)u(2)...u(j))  *  e  TTm   <t>T(u(1)u(2)...u(j)). 

3=1         J  3=1   J 


10 


Proof.   The  proof  uses  standard  properties  of  associated 
random  variables  which  are  discussed  in  [3] . 

The  simplified  phase  configurations  are  coherent,  and  hence 

the  structure  functions   (J).,   j  =  l,...,m,   are  non-decreasing. 

The  Bernoulli  random  variables   U,  . ,   k  =  l,...,n,   j  =  l,...,m, 

are  independent.   Therefore   ^"(U   'u    ...U(^),   j  =  l,...,m, 

are  associated  Bernoulli  random  variables  for  which  the  assertion 

of  the  remark  holds.  □ 

m 
Using  (2)  ,  (5)  ,  and  (14)  we  obtain   PpRF_cc  =  TT    Ecj>7 

~i ==  1 
(U   U    .  ..U  ^  );   since  cut  cancellation  does  not  affect  mission 


m 


reliability,  (3)  can  be  written  as   p  =  E       (j)  .  (IT1*  U (2)  .  .  .IT3  *  ) 

j=l    J 

Application  of  Remark  1  then  yields  the  inequality 


(21)  PpRF-CC   S   P' 

which  together  with  (20)  establishes  the  desired  results. 

5.   COMPARISONS  OF  THE  BOUNDS 

The  magnitudes  of  the  bounds  on  mission  reliability  pre- 
sented in  the  previous  sections,  and  of  the  mission  reliability 
itself,  can  be  ordered.   This  ordering  is  displayed  in  Figure  1 
where  the  superscripts  refer  to  the  defining  equations  and  inequali 
ties  which  are  summarized. 

No  general  inequalities  can  be  established  between 

W-CC   and   ^PUB'   and  between   PpLB-CC   and   PPRF*   In  the  CaSG 
of  the  two  upper  bounds,  cut  cancellation  on  one  hand  and  the  use 

of  phase  upper  bounds  instead  of  phase  reliability  functions  on 
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the  other  hand  both  tend  to  increase  the  apparent  phase 
reliabilities,  the  amount  of  increase  depending  on  the  structure 
of  the  mission  as  well  as  on  the  component  reliabilities.   In  the 
case  of  the  two  lower  bounds,   ppi   _,_,   tends  to  be  greater  than 
p     because  of  cut  cancellation,  but  also  smaller  because  of 

FKr 

the  use  of  phase  lower  bounds  instead  of  phase  reliability  func- 
tions.  Again,  both  the  structure  of  the  mission  and  the  component 
reliabilities  determine  which  of  them  is  greater  in  a  particular 
case. 

The  inequality 

(22)  PPLB   *   PPLB-CC 

has  not  yet  been  established  formally,  but  is  an  obvious  conse- 
quence of  (10),  (16),  and  the  fact  that   h    £.  h   _  .  ,   j  =  l,...,m, 

.LB]      JjB] 

A  similar  inequality  between  the  upper  bounds   """priD   an<^   ^pnR-rr' 
however,  does  not  exist,  because  it  is  not  necessarily  true  that 
hTTr).  £  hrTt,  .  .   Since  this  may  not  be  intuitively  obvious,  we  give 

Udj      Ud] 

the    following   illustration. 

Example    3.      For   the   mission   of   Example    1,    the   minimal    path 
upper   bound   for   phase    2    is      h0B2  t*12.*22  ,ir32)    =    ^2^22  V  7T127T32  V 
1T227T32      before   cut   cancellation,    and      h      2  (it,  2  ,tt  „_  ,  tt    _)    =    Tri2v1fT32 
after   cut   cancellation.      Assuming    that      t\,  ~    =    tt22    =    tt_2    =    tt,      then 
hUB2(Tr)    =   tt2  (3-37t2+tt,+  )       and      h~    ,(ir)    =   tt(2-tt).      For      0    <    tt   £    .  8 , 
hUB2(7T)    <    hUB2(7T)'       and    for       -9   ^    tt    <    1,       hUB2(Tr)     >    h~B2(Tr).    D 
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It  is  also  possible  to  compare  the  bounds  with  respect  to 
the  computational  effort  required  to  compute  them.   In  general, 
less  effort  is  required  to  compute  the   m  phase  reliability 
functions  separately  than  to  compute  one  reliability  function 
for  the  equivalent  system;  phase  bounds  are  easier  to  compute 
than  phase  reliability  functions;  and  cut  cancellation  simplifies 
all  reliability  calculations,  although  it  requires  computational 
effort  itself.   The  diagram  below  is  an  attempt  to  summarize  these 
observations.   Its  comparisons  may  not  hold  in  all  cases,  but  do 
indicate  what  is  usually  true.   The  symbol   «-   stands  for  "requires 
less  computational  effort  than." 


77  -<-  TT       ■<-  TT  ■*-     7T 

PUB-CC     PUB     PRF-CC     PRF 


PPLB-CC  '   PPLB  *  PPRF-CC  *  PPRF 


6.   AN  ALGORITHM  FOR  THE  "BEST"  LOWER  BOUND 

Trying  to  select  the  best  bound  from  those  presented  here 
is  a  problem  whose  solution  depends  on  the  circumstances  of  each 
particular  application  and  cannot  be  given  in  general.   If  one 
is  interested  in  a  conservative  rather  than  an  optimistic  approxi- 
mation, and  if  the  system  to  be  analyzed  has  components  with 
uniformly  high  conditional  reliabilities  in  all  phases,  then  the 
qualitative  comparisons  of  the  previous  section  and  numerical 
results  suggest  that   pnTD  _    is  a  good  choice.   Since  these 
conditions  are  frequently  encountered,  an  algorithm  for  computing 
PPLB-CC   ^s  9^-ven  below.   Inputs  to  this  algorithm  are  the  phase 
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configurations  (in  the  form  of  block  diagrams,  fault  trees, 

structure  functions,  or  complete  lists  of  minimal  cut  sets  or 

minimal  path  sets) ,  and  estimates  of  the  component  conditional 

phase  reliabilities   tt,  .  ,   k  =  l,...,n,   j  =  l,...,m.   If  one  is 

willing  to  assume  that  components  have  constant  failure  rates 

throughout  each  phase,  then  the  component  conditional  phase 

reliabilities  are  given  by 

-r.  .d. 
k~)  l 
tt,  .  =  e    J   , 

where   r,  .   is  the  failure  rate  of  component   C,   in  phase   j , 
and   d .   is  the  duration  of  phase   j,   k  =  1 , . . . ,n,   j=l,... ,m 

Algorithm  for  Computing   p   R_rr 

(1)  For   j  =  l,...,m,   find  the  minimal  cut  sets  for  the 
configuration  of  phase   j . 

(2)  Perform  cut  cancellation  according  to  the  rule  given  in 
Section  4.   For   j  =  l,...,m,   denote  the  number  of 
minimal  cut  sets  remaining  in  phase   j   by   k(j),   and 
the   i —  minimal  cut  set  remaining  in  that  phase  by 
K.±,   i  =  l,...k(j). 

(3)  For  k  =  l,...,n,   compute   p..   for  all   j  =  l,...,m 
for  which  C,  e  K . .   for  some   i  =  l,...,k(j),   from 

pkj  ■  tt'=i  wkl. 

(4)  Compute   PPLB_CC  from 

m     k(j) 

Pplb-cc  -TT      TT       [i-TTc     K..d-Pkj)]. 

j=l        i=l  k        31  J 
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The  notation  necessary  to  formulate  this  algorithm  in  precise 
mathematical  terms  obscures  its  basically  very  simple  content. 
We  can  restate  it  in  the  following  more  intelligible  form: 

(1)  Find  the  minimal  cut  sets  for  all  phase  configurations. 

(2)  Perform  cut  cancellation. 

(3)  Compute   p,  .   for  each  phase   j   in  which  component 
C,   is  relevant  from 

k  j 

pkj  ■  TT.=1  \± 

(4)  Obtain  the  "best"  lower  bound  on  mission  reliability  by 
computing 

TT  TT  [i.-TT  (1-pki)] 

{all  phases}  {all  min  cut  sets     {all  components  in     J 
in  each  phase}        each  min  cut  set} 

The  following  example,  adapted  from  [4] ,  illustrates  how  the 
algorithm  works. 

Example  4 .  A  system  with  six  components  is  to  perform  a 
three-phased  mission.  The  phase  configurations  are  represented 
by  the  block  diagrams 

phase  1  — 


phase  2 
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phase  3 


-  r 


C, 


The  duration  of  the  phases  are   d,  =  30  min,   d~  =  2  hours,  and 
d,  =  10  hours.   It  is  assumed  that  the  components  have  failure 
tes   r,  .   which  are  constant  throughout  each  phase;  estimates 


ra 


-1 


of  their  values  (in  hours   )  are 


i\k 

1 

2 

3 

4 

5 

6 

1 

0.000 

0.001 

0.020 

0.040 

0.100 

0.000 

2 

0.020 

0.003 

0.006 

0.010 

0.500 

0.020 

3 

0.010 

0.002 

0.005 

0.020 

0.500 

0.020 

A  lower  bound  on  mission  reliability  is  wanted. 

The  application  of  the  algorithm  yields  the  following 
results: 

(1)   The  minimal  cut  sets  are 


(2) 


-  in  phase  1:    #{C3/C4}#,    ^C3'C5> 

-  in  phase  2:    {C±} ,    #{C2,C3}#,    #{C2,C6>#,    {C3,C4> 

-  in  phase  3:    {C^C^},    {C2,C3},    {C2,C6} 

The  minimal  cut  sets  marked   #{  }#   above  are  cancelled. 
The  remaining  minimal  cut  sets  are 


-  in  phase  1:    {C^^Cj-} 

-  in  phase  2:    {C,},    {C^C.} 

-  in  phase  3:    {C,,C-,},    {C0,C^},    {C0/C^-} 


l'^3 


2,v-3 


'2 '"6 
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(3)      We    have    to    compute      p12;       p13;       p^y       P3]/       P32'*       p33; 

p      ;       Pci '"      an<3      P6V      Since    in   the   present  case 

-rk.d. 

it, __.    =  e    -1   ,   we  use  the  equation 


kj 


-rJ  tJ      'rkidi      "^  =  irkidi 

pki  =       ^ki  =       e       =  e 
K:     i=l   K1     i=l 


and  obtain  the  following  values  for   p,  .   (rounded  to  four 
decimals) 

j\kl       2       3       4       5       6 

1  .9900  .9512 

2  .9608  .9782    .9608 

3  .8694    .9738    .9305  .7866 


(4)       The   bound      pptjb-cc      ^s   <3^-ven   ky 


PPLB-CC   =       [1  "   (1-p31>  (1-P51}  ]   X   [1  "   (1-p12>  ] 

x[l-   (1-P32)  (1-P42)]   x   f1  "   ^-^^  (1_p33)] 
x[l-  (1-P23)  (I-P33)]  x   [I"  (I-P23)  (1~p63)]' 

For  the  values  of   p,  .   computed  in  Step  (3),  we  obtain, 

k3 

rounded  to  four  decimals, 

PPLB-CC  *  -9438* 
As  a  comparison,  the  reliability  function  for  the  mission  is 

h  =  P12P33  (p23+p63"p23p63) 

+  P13P23  [d-P31)P42P51  +  (p31-p32)p42+  (p32_p33)]' 
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and  thus  the  exact  mission  reliability,  rounded  to  four  decimals, 
is 

p  =  .9468.  D 

7.   AN  APPROXIMATE  HAZARD  TRANSFORM  FOR  PHASED  MISSIONS 

Recently,  Esary  and  Hayne  [1]  extended  the  scope  of  applica- 
tion of  a  simple  reliability  calculus  of  Rubinstein  [6,  7]  to 
coherent  systems.   This  calculus  uses  an  approximate  hazard 
transform  and  leads  to  conservative  approximations  to  system 
reliability.   We  will  show  here  that  its  scope  can  be  further 
extended  to  phased  missions. 

The  hazard  transform  of  a  system  with  reliability  function 
h(p,,...,p  )   is  defined  as 

~U1       ~Un 
H(u1,...,un)  =  -log  h(e    , . . . ,e    ), 

where   u,  =  -log  p,   is  the  component  hazard  of  component   C\ 

having  reliability  p,  ,    k  =  l,...,n.   The  approximate  hazard 

* 

transform   H    considered  in  [1]  can  be  defined  by  the  following 

rules: 

(1)  For  a  system  consisting  of  a  single  component   C,  , 

* 

H   =  u,  . 
k 

(2)  For  a  system  which  is  a  combination  of  two  modules  (sub- 
systems with  disjoint  sets  of  components)  having 

*        * 

approximate  hazard  transforms   H,   and   H2, 

*  *     * 

H   =  H,  +  H~   if  the  combination  is  series 

*  *   * 

H   =  H,  H~     if  the  combination  is  parallel. 
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(3)   For  a  coherent  system  with  minimal  cut  sets   K, , . . . ,K. 


whos 


e  approximate  hazard  transforms  are   H, , . . . ,H», 


H   —  H,  4"  ...  +  Hq  . 

It  has  been  shown  [1,  Theorem  2.5]  that  this  approximate  hazard 
transform  is  conservative,  i.e.  indicates  greater  system  hazard 
(less  system  reliability)  than  the  exact  hazard  transform. 

In  the  case  of  a  phased  mission,  we  can  go  one  step  further 
and  define  an  approximate  mission  hazard  transform  by  the  rule 

(4)   For  a  phased  mission  whose  simplified  phase  configura- 

*       * 
tions  have  approximate  hazard  transforms   H,  ,  .  .  . ,H  , 

the  approximate  mission  hazard  transform  is 

*     *  * 

H   =  H,  T  ...  +  H  # 

1  m' 

where  the  component  hazards  are   u,  .  =  -log  p,  .  , 
k  =  1 , . . . n ,   j  =  1 , . . . ,m. 

We  will  denote  the  reliability  function  corresponding  to  this 

* 

approximate  mission  hazard  transform  by   h  ,   i.e. 

* 
(23)  h   =  e  rt  . 

By  comparing  steps  (1) ,  (2)  ,  and  (3)  of  the  rule  above  with 

the  method  of  computing  the  minimal  cut  lower  bounds  for  the 

reliability  of  the  simplified  phase  configurations,  we  can  conclude 

-H* 
immediately  that   e   -1  ^  hT  .  ,   j  =  l,...,m.   It  then  follows 

from  (16)  and  (23)  that 

* 

PLB-CC' 


(24)  h*  &    p. 
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* 
and  hence  from  (18)  and  (21)  that   h    is  a  lower  bound  on  mission 

reliability  or,  equivalently ,  that  the  approximate  mission  hazard 

transform  is  conservative. 

* 
An  algorithm  for  computing  the  lower  bound   h    follows 

the  first  three  steps  of  the  algorithm  for  computing   PnTt,  „n  • 

P.Li.B— CL. 

The  next  steps  are 

(5)  Compute  the  component  hazards 

u,  .  =  -log  p,  . 

for  all   (i,j)   for  which   p,  .   has  been  computed  in 
Step  (3). 

(6)  Compute  the  approximate  mission  hazard  transform 

*    „m    „k(j) 


H  "I      ,    I  \EK,  ukj- 

j=l   i=l    k    ji    J 

(7)   Compute  the  lower  bound 

* 

*     -H 
h   =  e 

A  comparison  of  this  algorithm  with  the  one  presented  in 

* 
Section  6  indicates  that  the  computation  of  the  lower  bound   h 

requires  more  effort  than  the  computation  of  the  lower  bound 

* 
ppL   _,_;   we  also  know  from  (24)  that   h    is  less  precise  than 

pPLR-c:c*   Thus,  it  may  seem  counterproductive  to  pursue  the 

approximate  mission  transform  any  further.   However,  if  one  is 

willing  to — or  has  to,  for  lack  of  better  information — assume 

constant  component  phase  failure  rates,  then  the  component  hazards 

J 

u,  •   take  on  the  simple  form  u,  .  =  I  r,  -d-,      and  computations 

1~±  * 

are  simplified  considerably.   In  this  case,  an  algorithm  for   h 
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consists  of  the  following  steps  (expressed  in  an  "intelligible" 

form)  : 

* 

Algorithm  for  Computing   h    in  the  Case  of 

Constant  Component  Phase  Failure  Rates. 

(1)  Find  the  minimal  cut  sets  for  all  phase  configurations. 

(2)  Perform  cut  cancellation. 

(3)  Compute  the  component  hazard   u,  .   for  each  phase   j 
in  which  component   C,   is  relavent  from 

U,  •  =  I  r.  .  d .  . 

3  i=l   kl  1 

(4)  Obtain  the  approximate  mission  hazard  transform  from 

H*  -  I  I  JT  u.. 

{all  phases)  {all  min  cut  sets    {all  components  in     J 
in  each  phase}      each  min  cut  set} 

* 

(5)  Compute  the  lower  bound   h    from 

* 
h  =  e 

When  component  phase  failure  rates  are  assumed  constant, 
the  approximate  mission  hazard  transform  becomes  a  polynomial  in 
each  of  the  phase  durations.   Thus,  it  is  well  suited  for  para- 
metric studies,  as  is  demonstrated  in  the  next  example. 

Example  5 .   Consider  the  mission  of  Example  4.   Assume  that- 
all  other  data  being  the  same  as  before--the  duration  of  phase  2, 
d2/   is  now  uncertain,  and  that  a  sensitivity  analysis  on  it  is 
desired. 
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From  the  algorithm  above,  we  obtain  the  following  general 
expression  for  the  approximate  mission  hazard  transform: 

(25)     H*  =  r31d1r51d1 

+  (r11d1+r12d2)  +  (r31d1+r32d2) (r^+r^) 

+  (r11d1+r12d2+r13d3) (^d^r^d^r^) 

+  (r21d1+r22d2+r23d3)  (r^+r^+r^) 

+  (r21d1+r22d2+r23d3) (r^d^r^+r^) . 

* 
H    as  a  function  of   d„   can  be  written  as 

H  (d2)  =  a  +  bd2  +  cd2  , 

with 

a  =  diril 

+  d[ (r11r31+r21r31+r21r61+r31r41+r31r51) 

+  dxd3  (r11r33+r13r31-fr21r33+r23r31+r21r63+r23r61) 

+  d3(r13r33+r23r33+r23r63) , 


b  =  r 


+  dl(rllr32+r12r31+r21r32+r21r62 

+r22r31+r22r61+r31r42+r32r41) 
+  d3(r12r33+r13r32+r22r33+r22r63+r23r32+r32r62)  , 


C    rl2r32 + r22r32 + r22r62 +  r32r42 
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For  the  data  given  in  Example  4,  the  numerical  values  of  these 
coefficients  are 

a  =  0.012030 

b  =  0.023333  hours"1 

-2 
c  =  0.000258  hours 


For  various  durations  of  phase  2  (in  hours) ,  the  approximate 

* 
mission  hazard  transform  H   and  the  lower  bound  on  mission 

* 
reliability   h  ,   both  rounded  to  four  decimals,  are  shown  below. 


d2 

* 

H 

* 

h 

0 

0.0120 

0.9880 

1 

0.0356 

0.9650 

2 

0.0597 

0.9420 

3 

0.0844 

0.9191 

4 

0.1095 

0.8963 

5 

0.1351 

0.8736 

6 

0.1613 

0.8510 

7 

0.1880 

0.8286 

8 

0.2152 

0.8064 

9 

0.2429 

0.7843 

10 

0.2712 

0.7625 

For   d2  =  2  hours,   ppL R_rr   and   p   have  been  computed  in  Example  4. 

* 
Their  values  are  repeated  below,  together  with  the  value  of   h 

(dp =  2  hours),  to  facilitate  a  comparison. 

p  =  .9468 

PPLB-CC         =  *9438  I 

h  (d2 =  2  hours)  =  .9420.  D 
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In  the  case  of  constant  component  phase  failure  rates,  the 
approximate  hazard  transform  can  also  be  used  to  estimate  mission 
reliability  when  phase  durations  vary  randomly.   If   D,,...,D 
are  nonnegative  random  variables  denoting  the  durations  of  the 

phases,  then  the  approximate  mission  hazard  transform  is 

*  * 

EH  (D, ,...,D  ),   where  the  function   H    is  defined  as  before 

and   E   denotes  expectation.   As  an  approximation  to  mission 

reliability  we  now  use 

* 

,na\  *      "EH  (D, , . . . ,D  ) , 

(26)  g   =  e      1      m 

which  is  much  easier  to  calculate  than  the  exact  value 

* 

„  -H  (Dn , . . . ,D  )  -x  c  , 

Ee      1      m  .   Since   e     is  a  convex  function  of   x,   it 

— FH  (D        D  ) 

follows  from  Jensen's  inequality  that   e       1'*'*'  m   ^ 

* 

— H  (D       D  )  * 

Ee      1    *'  m  ,   and  therefore   g    is  a  lower  bound  on  mission 

reliability. 

In  our  last  example,  we  show  how  this  approximation  can 

be  used,  even  without  a  complete  knowledge  of  the  probability 

distributions  of  the   D.'s. 

3 

Example  6 .   Consider  again  the  mission  of  Example  4,  but 
this  time  assume  that — all  other  data  being  the  same  as  before — 
the  durations  of  phases  2  and  3  are  random.   The  mean  durations 
are  known  to  be   ED2  =  d2  =  2  hours   and   ED.,  =  d3  =  10  hours, 
and  the  total  duration  of  these  two  phases  together  is   0^+0^= 
12  hours.   An  estimate  for  the  mission  reliability  under  these 
circumstances  is  wanted. 
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* 
By  rearranging  the  terms  of  (25)  we  can  express   H   as  a 

function  of   D2   and   D-.   by 

H*(D2/D3)  =  a1  +  a2D2  +  a3D3  +  a4D2  +  a5D^4-a6D2D3/ 

where  the  coefficients   a, , . . . ,afi   depend  only  on  the  known  dura- 
tion of  phase  1  and  the  component  phase  failure  rates.   Since 
D2 + D3  =  constant,  then  Var  D2  =  Var  D_,   and   Cov(D2,D_)  = 
-Var  D2  =  -Var  D_ .   Denoting  this  common  but  unknown  variance  by 
a2,   we  can  write   ED2  =  a2+d2,   ED2  =  a2+d2,   and  ED2D3  = 
dpd2-a2,   and  obtain 

ft 

EH  (D2,D3)  =  a,  + a2d2  +  a-d^  +  a.d2  +  a5d2  +  agd2d3  +  a2 (a.+a5-a6) , 
or,  numerically, 

EH  (D2,D3)  =  0.059728  +  0.000071  a2/hours2. 

For   a2  =  0,   i.e.  when  the  durations  of  phases  2  and  3  take  on 

* 
their  expected  values  with  probability  one,   EH  (D2,D3)  =  0.0597 

* 
and   g   =  .9420,   which  agrees  with  the  corresponding  results  of 

Example  5.   As   a    increases,   EH  (D2,D-J   increases  and  g 

decreases:   since   a2   cannot  be  greater  than  20  hours2   under 

* 
the  given  conditions,  the  maximum  value  of  EH  (D2,D3)   is   0.0611, 

* 

and  the  corresponding  minimum  value  of  g   is   .94  07.   We  can 

therefore   conclude  that  the  mission  reliability  is  at  least  0.94. 

D 
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